Cybersecurity guidance for businesses

Strong security made easier

Security best practices for businesses

Review guidance >

Common bank and money scams

Explore resources >

Cyber incident response plan guidance

Develop plan >

Report fraud or suspicious activity

Report suspicious activity >

Security best practices for businesses

  • Create a unique password or passphrase: Create a long, unique, complex passphrase for every business and banking account. Make sure the passphrase is at least 12 characters long, and includes a mix of uppercase and lowercase letters, numbers, and symbols.
  • Protect account access: Never share your passwords, PINs, token codes, or other authorization credentials. If someone in your organization needs access to a Wells Fargo account, grant it only to those whose roles require it. Use Account Access Manager on Wells Fargo Business Online® to review account permissions, remove authorized signers, and manage guest users. 

    • Remember: Regularly verify who has access to the account.
  • Define roles and accountability: If your business has multiple employees, assign clear ownership for managing passwords, approving financial transactions, and monitoring account activity.
  • Sign-up for alerts: Enable alerts for transactions, changes to account settings, wire activity, and login attempts. Alerts will help you and your team quickly identify unusual or unauthorized activity. For more information, visit Alerts questions .
  • Enable multi-factor authentication (MFA): MFA adds a second step to verify your identity, making it much harder for criminals to access your information, even if your password is compromised. Learn more about enabling Wells Fargo two-step verification at sign-on .
  • Update software: Enable automatic updates for operating systems, applications, and browsers on company devices or any devices where you conduct banking activities.
  • Use anti-virus and spyware protection software: Install reputable, business-grade security software on every device, including employee laptops, mobile phones, and tablets. Ensure it updates automatically and alerts you and your team to suspicious activity.
  • Control software downloads: Allow installations only from trusted, approved sources. Review permissions and routinely remove unused or outdated apps that may introduce risk.
  • Check security settings: Regularly check device, browser, and application security settings. Limit which apps can access sensitive features such as the camera, microphone, location data, contacts, and file storage, especially on devices used for business communication or financial operations.
  • Regularly back up data and files: Ensure you are routinely backing up important data and files, including financial records, customer information, emails, and other key business documents.
  • Physically secure devices: Treat physical security as part of cyber defense. Store devices securely, avoid leaving them unattended, and use screen locks. Lost or stolen devices can expose sensitive business data and provide criminals access to accounts. 
  • Make cybersecurity a business priority: Reinforce that security is not just an IT function. It’s a core part of managing operational risk to a business. Every employee plays a role in protecting accounts, devices, and data.
  • Provide ongoing training: Beyond routine security and basic cyber hygiene training, ensure everyone in your organization knows how to recognize and report suspicious links, QR codes, and unexpected requests. Share the Wells Fargo Security best practices for individuals and Avoid common threats and scams pages with employees and trusted business contacts, like vendors and suppliers, for additional guidance.

    • Pro tip: Encourage employees to also review the Tips to avoid AI scams page to build awareness of evolving fraud techniques that leverage artificial intelligence to impersonate trusted contacts, mimic voices, and generate compelling scam messages.
  • Emphasize the importance of enabling MFA: Ensure all accounts connected to business operations are protected with multi-factor authentication (MFA). This includes social media, websites, and email accounts. Unauthorized access to any of these accounts can lead to financial or reputational damage for an organization.
  • Separate personal and business devices: Don’t allow employees to conduct business activities or access sensitive systems from personal devices unless those devices meet the company’s security standards.
  • Verify urgent requests, and be careful sharing info: Criminals often impersonate executives, vendors, or financial institutions to create pressure scenarios. Remember to always verify urgent or financial requests through a known, independent channel, and never through contact information in the suspicious message.
  • Establish enhanced controls for high-risk transactions: To help prevent payment fraud, consider using a two-person approval process for payment actions, particularly for key vendors and large or high-risk transactions. This process should also apply when adding new payment details or making changes to existing payment instructions. For more information, visit the Tips to avoid business email compromise (BEC) page.

To learn more, visit the Wells Fargo Avoid common threats and scams page.

Stay ahead of common threats and scams

Security Center education and awareness library

Explore resources

Avoid common threats and scams

Learn more

Tips to avoid business email compromise (BEC)

Stay informed

Safety tips to avoid AI scams

Review tips

Identify and avoid bank imposter scams

View details

Money and account safety tips for traveling

Explore recommendations

How to avoid IT and tech support scams

See more information

Avoid online payment and wire transfer scams and fraud

Get details

Sign-up may be required. Availability may be affected by your mobile carrier's coverage area. Your mobile carrier's message and data rates may apply.

DT1-05152027-12-8948136-1.1